CVE-2000-1110

document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...

CVE-2000-1186

CVE-2000-1186 describes a buffer overflow in the phf CGI program that allows remote command execution by supplying a large number of arguments and a long MIME header. The NVD entry lists a-network attack vector, low complexity, no authentication, and partial CIA impact with a base score of 7.5 (H...

CVE-2000-0912

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter...

NSFOCUS SA2000-09 : AHG EZshopper Loadpage.cgi File List Disclosure Vulnerability

NSFOCUS Security AdvisorySA2000-09 Topic: AHG EZshopper Loadpage.cgi File List Disclosure Vulnerability Release DateЈє Dec 13rd, 2000 CVE Candidate Numbers: CAN-2000-1092 Affected system: ================ Alex Heiphetz Group EZshopper v.3.0 for Unix Alex Heiphetz Group EZshopper v.2.0 for Unix...

Очередные дырки в CGI

Недостаточная проверка ввода пользователя приводит к различным неприятным последствиям...

ezmlm-cgi/ezmlm-idx-0.40 security advisory

Summary: ezmlm-cgi is part of the ezmlm-idx-0.40.tar.gz package and allows web access to mailing list archives. When ezmlm-cgi is installed SUID user other than root, it can be used to execute arbitrary commands with the effective uid of the SUID user. Scope: Default installations of ezmlm-idx-0....

Дырка в ezmlm-cgi

Пользователь может задать собственный конфигурационный файл и выполнить любые команды...

(SRADV00005) Remote command execution vulnerabilities in MailMan Webmail

================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...

Дырки в mailman webmail

Классические дырки perl CGI при работе с файлами...

SRADV00005.txt

================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...

Endymion MailMan 3.0.x - Arbitrary Command Execution

Endymion MailMan 3.0.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of t...

ezmlm-cgi

Package : ezmlm-0.53 and below ezmlm-cgi Announced: 2000-12-05 Ezmlm is an easy to use mailing list manager for qmail. It ships with a cgi application to allow for list archiving and reviewal over the web. Documentation states that the cgi should be installed suid root, but in real world...

PHF (Linuxx86) - Remote Buffer Overflow

PHF Linuxx86 - Remote Buffer Overflow / | phx.c -- phf buffer overflow exploit for Linux-ix86 | Copyright c 2000 by proton. All rights reserved. | | This program is free software; you can redistribute it and/or modify | it under the terms of the GNU General Public License as published by | the Fr...

IBM Net.Data 7.0 - Full Path Disclosure

source: https://www.securityfocus.com/bid/2017/info IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases. Net.Data contains a vulnerability which reveals server information...

Дырка в IBM Net.Data

Классическое переполнение буфера в CGI db2www при обработке PATHINFO...

[Update] NSFOCUS SA2000-07: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability

NSFOCUS Security AdvisorySA2000-07 Topic: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability Release DateЈє Nov 7th, 2000 Update DateЈє Nov 23rd, 2000 CVE Candidate Numbers: CAN-2000-0886 BUGTRAQ ID : 1912 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Impact:...

Markus Triska CGIForum 1.0 - thesection Directory Traversal

Markus Triska CGIForum 1.0 - thesection Directory Traversal source : https://www.securityfocus.com/bid/1963/info CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input to the...

BB4 Big Brother Network Monitor 1.5 d2 - 'bb-hist.sh?HISTFILE' File Existence Disclosure

source : https://www.securityfocus.com/bid/1971/info Big Brother Network Monitor is a robust, feature rich network monitoring package produced by BB4 Technologies. A problem exists that can allow remote account guessing. The problem occurs in the Common Gateway Interface package included with Big...

FreeBSD-SA-00:73.thttpd

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:73 Security Advisory FreeBSD, Inc. Topic: thttpd allows remote reading of local files Category: ports Module: thttpd Announced: 2000-11-20 Credits: [email protected]...

Дырка в dnstool CGI

Некорректная замена метасимволов может привести к возможности удаленного выполнения команд...